<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html>
        <head><p>
                <style>
                        .error {color: #FF0000;}
                </style>
                <title>New User</title>
        </head>
        <body>
        <?php
				//initialize all variables to be empty strings
                $first = $last = $email = $password = $dob = $address = $phone = $confPassword =  '';
                $firstErr = $lastErr = $emailErr = $passwordErr = $dobErr = $phoneErr = $addressErr = '';
                $arrCheck = 0;
                /*
                        This code block is accessed whenever a form has been submitted.
                        It checks that required fields are complete and also checks the format with preg_match.
                        Special characters are removed using the clean_field function.
                */
                if ($_SERVER["REQUEST_METHOD"] == "POST")
                {
                        if (empty ($_POST["first"])) {
                                $firstErr = "Please enter a first name";
                        }
                        else {
                                $first = clean_field ($_POST["first"]);
                                if (!preg_match("/^[a-zA-Z ]*$/", $first)) {
                                        $firstErr = "Names can only include letters and white space.";
                                }
                        }
                       
					   if (empty ($_POST["last"])) {
                                $lastErr = "Please enter a last name";
                        }
                        else {
                                $last = clean_field ($_POST["last"]);
                                if (!preg_match("/^[a-zA-Z ]*$/", $last)) {
                                        $lastErr = "Names can only include letters and white space.";
                                }
                        }
						
                        if (empty ($_POST["dob"])) {
                                $dobErr = "Please enter the name of your company.";
                        }
                        else {
                                $dob = clean_field ($_POST["dob"]);
                                if (!preg_match("/^[a-zA-Z ]*$/", $dob)) {
                                        $dobErr = "Company names can only include letters and white space.";
                                }
                        }
                       
                        if (empty ($_POST["email"])) {
                                $emailErr = "Please enter a valid email address";
                        }
                        else {
                                $email = clean_field ($_POST["email"]);
                                if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) {
                                        $emailErr = "Invalid email format. (ex: example@email.com)";
                                }
                        }
                       
                        if (empty ($_POST["password"])) {
                                $passwordErr = "Please enter a valid password";
                        }
                        else {	
								
                                $password = clean_field ($_POST["password"]);
								//$confPassword = /*clean_field ($_POST["password"])*/'Wesdf6666';
                                if (!preg_match("/^(?=.*[A-Z])(?=.*[0-9])(?=.*[a-z]).{8,}$/", $password)) {
                                        $passwordErr = "Invalid password. Passwords must contain at least 1 capital letter, 1 lower case letter, and 1 number, and be at least 8 characters long.";
                                }
								else if ($password != $confPassword) {
									    $passwordErr = "Passwords do not match!";
								}
                                else { //Generate a hashed password using a randomly generated salt. Store that salt in the database.
                                        $salt = openssl_random_pseudo_bytes(8);
                                        $salt = bin2hex($salt);
                                        $hashed_password = hash("sha256", $password . $salt);
                                }

                        }
                       
                        if (!empty ($_POST["phone"])) {
                                $phone = clean_field ($_POST["phone"]);
                                if (!preg_match("/^\d{3}-\d{3}-\d{4}$/", $phone)) {
                                        $phoneErr = "Invalid phone format. (ex: 123-456-7890)";
                                }
                        }
                       
                        if (!empty ($_POST["address"])) {
                                $address = clean_field ($_POST["address"]);
                                if (!preg_match("/^[0-9a-zA-Z ]*$/", $address)) {
                                        $addressErr = "Address can only contain letters, numbers, and whitespace.";
                                }
                        }

                        $errArray = array($firstErr, $lastErr, $emailErr, $passwordErr, $dobErr, $phoneErr, $addressErr);
                       
                        //Checking to see if there are any errors in the form submission.
                        foreach ($errArray as $key => $value) {
                                if (!empty($value))
                                        $arrCheck = 1;
                        }

                        if ($arrCheck == 0) {
                                $username = 'root';
                                $pw = 'gba2013';

                                //Connect to the database.
                                $con = mysqli_connect ("localhost", $username, $pw, 'elliphinos');

                                if (mysqli_connect_errno()) {
                                  echo "Failed to connect to MySQL: " . mysqli_connect_error();
                                }
                               
                                $phone2 = str_replace("-", "", $phone);

                                // Query for inserting all form data into the user table
                                mysqli_query ($con, "insert into users(email, first_name, last_name, dob, phone, address, salt)
                                        values('$email', '$hashed_password', '$name', '$company', '$phone2', '$address', '$salt')");
                                //There should be another query for uploading the actual file for the abstract.
                                mysqli_close($con);
                               
                                //Redirect to the home page after the form is successfully submitted.
                                //header("Location: /index.php");
                        }
                }
               
                //This function removes special characters from user input. Prevents script injection
                function clean_field ($data)
                {
                        $data = trim($data);
                        $data = stripslashes($data);
                        $data = htmlspecialchars($data);
                        return $data;
                }
                ?>

                <p><span class="error">* required</span></p>
                <form method="post" action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]);?>">
                        E-Mail: <input type="text" name="email" value="<?php echo $email?>">
                        <span class="error">* <?php echo $emailErr;?></span><br><br>
                       
                        First Name: <input type="text" name="first" value="<?php echo $first?>">
                        <span class="error">* <?php echo $firstErr;?></span><br><br>
                       
					   Last Name: <input type="text" name="last" value="<?php echo $last?>">
                        <span class="error">* <?php echo $lastErr;?></span><br><br>
					   
                        Company: <input type="text" name="dob" value="<?php echo $dob?>">
                        <span class="error">* <?php echo $dobErr;?></span><br><br>
                       
                        Phone Number: <input type="text" name="phone" value="<?php echo $phone?>">
                        <span class="error"> <?php echo $phoneErr;?></span><br><br>
                       
                        Address: <input type="text" name="address" value="<?php echo $address?>">
                        <span class="error"> <?php echo $addressErr;?></span><br><br>
						
                       Password: <input type="password" name="password" value="<?php echo $password?>">
                        <span class="error">* <?php echo $passwordErr;?></span><br><br>
						
						Confirm Password: <input type="password" name="confPassword" value="<?php echo $confPassword?>">
                        <span class="error">* <?php echo $passwordErr;?></span><br><br>
						
                        <input type="submit" name="submit" value="Submit">
                </form>
        </body>
</html>
